Head of Cyber Strategy, Transformation & GRC

Roles & Responsibilities

About the role

Safeguarding Dyson's intellectual property is fundamental toour ongoing innovation and commercial success. Our global Cybersecurity divisionis instrumental in protecting our pioneering ideas, personal data, andcombating cyber threats.

Utilising advanced technologies, we are resolute inconstantly evolving every dimension of our security infrastructure whether thatbe architecture, technology risk management, cyber operations, or end usersecurity. We commit significant resources to trailblazing security measures,incorporating cutting edge technologies, processes, and talent to proactivelycounter emerging cyber risks. Our cyber operations are orchestrated on a globalscale, supporting key sectors like Product Design, Manufacturing, Supply Chain,eCommerce, and Enterprise IT Systems from strategic locations in the US,UK/Europe, India, Singapore, and China.

As the Head of Cyber Strategy, Transformation & GRC,you are accountable for driving enterprise‑wide cybersecurity improvementsaligned to business strategy, risk appetite, and regulatory obligations.
You will operate as a trusted advisor to executive leadership, translatingbusiness priorities into actionable cybersecurity outcomes, and leading large‑scaletransformation to uplift capability, maturity, and value across thecybersecurity function.

You will drive:

• Programme & portfolio management (PMO):
  Own the end‑to‑end cybersecurity change portfolio, including prioritisation, dependency management, delivery assurance, benefits realisation, and executive reporting.
• Strategic roadmaps & transformation initiatives:
  Define and execute multi‑year cybersecurity strategies and roadmaps that measurably improve risk posture, resilience, and operational effectiveness.
• Financial governance & value management:
  Lead budgeting, forecasting, cost optimisation, and investment planning for the cybersecurity function, including development of business cases, funding submissions, and ROI tracking.
• Governance, Risk & Compliance (GRC):
  Establish and mature enterprise‑level cyber governance frameworks, risk management practices, assurance activities, and regulatory compliance (including policies, standards, controls, and reporting).
• Large‑scale organisational change:
  Lead operating model design, capability uplift, workforce restructuring, and productivity improvements to ensure the cybersecurity function is scalable, efficient, and fit for future demand.
• Vendor & third‑party management:
  Manage cybersecurity’s strategic supplier relationships, commercial discussions, and procurement strategy to maximise value, manage third‑party risk, and reduce operational and financial exposure.
• Cyber compliance, audit & regulatory assurance:
  Support and oversee enterprise cybersecurity compliance and audit activities, including preparation for, execution of, and remediation following internal and external audits. This includes coordination of evidence, control assurance, and executive responses for frameworks and obligations such as PCI DSS, SWIFT Customer Security Programme (CSP), and product security and regulatory requirements (e.g. EU Radio Equipment Directive (RED), Cyber Resilience Act (CRA)), ensuring ongoing compliance and readiness for evolving regulatory expectations.

This role is central to shaping Dyson's global cybersecurityposture and resilience. Your remit is building and driving the roadmap for ouroperational security needs. Your collaboration with various departments,including IT and business units, is crucial for the seamless integration ofcybersecurity measures across Dyson's global operations.

Accountabilities

• Partner with the CISO and other senior leaders, inside and outside of IT, to develop and implement a cohesive cybersecurity strategy that aligns with Dyson's business objectives and mitigates global cyber risks.
• Provide regular briefings to the CISO, CIO, other senior executives, and the board, updating them on the organisation's cyber resilience, emerging threats, and the progress of ongoing cybersecurity resilience projects.
• Define and maintain a multi‑year cybersecurity strategy aligned to enterprise strategy, risk appetite, and regulatory obligations. Translate strategy into measurable roadmaps and executable transformation initiatives.
• Lead transformative initiatives across people, processes, and technology, assisting Dyson’s CISO and CIO in capability planning and the delivery of secure, business enabling technology solutions.
• Continuously assess cybersecurity maturity and drive targeted uplift, through baseline assessments against industry standards such as NIST, performance metrics and Objectives and Key Results (OKRs)
• Establish delivery governance, reporting standards and benefit realisation frameworks, providing clear, timely insight to executives and the Board on progress, risk and value delivery.
• Establish and maintain cyber governance frameworks, policies, standards, and controls. Oversee cyber risk management, assurance activities, and regulatory compliance.
• Lead budgeting, forecasting, and financial management across the cybersecurity function. Develop robust business cases for investment, including cost‑benefit and risk‑reduction analysis and drive cost optimisation without degrading security posture.
• Liaise with IT, business units, and R&D to integrate cybersecurity considerations into every aspect of business operations and product development.
• Engage with key external stakeholders such as cybersecurity vendors, industry peers, and government agencies to extend Dyson’s influence in the global cyber landscape.
• Represent Dyson at vital international forums to encourage growth in IT/OT security and to attract and develop global talent.
• Act as the interim CISO when needed to fulfil organisational requirements.

Skills and abilities

• Problem solver who can see the big picture and develop creative and efficient solutions.
• A leader who can mentor, inspire and motivate a team to achieve results.
• Strong team player and collaborative in approach.
• Able to deliver at pace, with continuous improvement mindset and seeks out differences and challenges.

Professional experience

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field. Further qualifications like CISSP, CISM are highly desirable.
• A minimum of 12 years of experience in executive or global leadership roles, specialising in managing complex, layered initiatives.
• Demonstrable experience in business and service management within a multifaceted, global setting.
• Exceptional leadership qualities and proven capability in managing stakeholders in an international context.

More information

The preservation of our intellectual property is at the coreof Dyson's success. Our global Cyber Security and IT Risk group is fundamentalin securing our innovative ideas and designs, safeguarding customers andemployee personal data, and defending our operations from cyber crime.Utilising advanced technologies, we endeavour to be ahead of the curve,ensuring our most valued assets remain secure.

We maintain a constant focus on transforming and managingevery facet of security spanning architecture, engineering, technology riskmanagement, cyber operations, end user security, and project delivery.Significant investments are made in novel security capabilities, includingtechnology, processes, and people, leveraging our robust cyber ecosystems tocounteract future threats.

At the heart of Dyson's cyber defence priorities lie ProductDesign, Manufacturing, Supply Chain, eCommerce, and Enterprise IT Systems.

We play an instrumental role in the successful design anddelivery of new business and security projects, ensuring our controls andsecurity platforms remain effective and compliant. Our cyber operationscapabilities are delivered on a global 24/7 basis from our strategic locations across the US, UK/Europe, India, Singapore, and China.

Tell employers what skills you have

Forecasting
Regulatory Compliance
governance framework
Process Improvement
Risk Appetite and Goals Setting
Assurance
Capability Development
NIST
Cyber Risk Management
Performance Metrics
Decision Making